
Research on Technologies of the Trusted Chain in IaaS Based on Security Chip

Posted on: 2015-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: L B H Gao
GTID: 2298330452453561
Subject: Computer Science and Technology
Abstract/Summary:
Cloud computing is driving a revolution in information technology and services. Built on the Internet, it provides users with high-performance computing resources and large-scale shared services. At the same time, as cloud computing is used more and more widely, security issues are growing. Because users gradually lose control of their resources, how to make them trust the cloud computing platform has become one of the important issues of cloud security. So far, there is no effective mechanism to protect the safety of the cloud.

As the foundation of the entire cloud computing model, the security of IaaS directly affects the services in the layers above it. Meanwhile, with the emergence of trusted computing technology, it is being used more and more widely in security systems and hardware. The trusted chain, a focus of trusted computing technology, starts from the root of trust and extends trust step by step until it covers the entire computing platform, providing a reliable operating environment for the terminal system. This thesis applies the advantages of the trusted chain to the IaaS layer of the cloud computing platform, taking into account characteristics such as virtualization and multi-tenancy, and proposes using trusted chain technology to build a trusted cloud computing platform terminal. Combining integrity measurement with remote attestation, it determines the credibility of the platform from the integrity information collected from its various components. The main innovations of this thesis include:

(1) Combining Xen, the virtualization technology used in cloud computing, with trusted root technology, a TPM (Trusted Platform Module) is embedded in the trusted cloud computing platform to build a safe and reliable computing terminal platform from a hardware perspective. On this basis, we propose a complete theoretical model of the trusted chain, from the TPM up to applications in the virtual machine, to guarantee the safety of the terminal platform. In addition, a TPM simulated in software is used in the virtual machine as the trusted root. By building a static trusted chain and relying on third-party verification, it ensures the safety of the trusted hardware and applications.

(2) To ensure the credibility of the cloud computing platform, this thesis introduces remote attestation techniques based on a trusted third party. The trusted chain is built in two stages, namely the physical platform and the virtual machine, and both serve as evidence of the platform's credibility. The first stage relies on static integrity measurement of the physical platform to measure the trusted chain and transmits the results to a trusted third party. The second stage relies on a newly proposed measurement model called GKMA to measure integrity in the virtual machine, and performs remote attestation starting from the user's perspective.

(3) With regard to the availability of online virtual machine migration in cloud services, this thesis proposes a new protocol to guarantee the safety of the VM-vTPM during this process, so that the trusted chain can be reliably established again.
Keywords/Search Tags: cloud computing, trusted computing, the trusted chain, remote attestation, IaaS